<?php
// Script done by: César Hernández. USB FEB-2012.
// 10 FEB: Adaptado a PostgreSQL.

$error = "";

$conn = pg_connect("host=localhost dbname=orinoco_db user=admin password=xxxx" );

// Username and password send from html form using POST method
$username=$_POST['user'];
$password=$_POST['password'];

/* //Lets find some way to use this on Postgre
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);
*/

$sql = "SELECT * FROM user WHERE id='$username' AND pass='$password'";
$result = pg_query($conn, $sql);

$count=pg_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row

if($count==1){
// Register $username, $password and redirect to file "home.php"
// Session makes possible to stay connected as "username" during page usage.

session_register("username");
session_register("password");
header("location:home.php");
}else {

echo "Wrong Username or Password";
}
?>

